Violation of Basic Rights
Dave Carlson - February 12, 2008
People and organizations own things that can be seen and things that cannot be seen. Throughout history civilized cultures have held in high regard the rights of individuals to control their own possessions. This paper focuses on violations of two basic rights related to information management: the right to expression and the right to identity. Examples of violations of the right to expression include Denial of Service (DoS), Web defacement, and domain name service (DNS) attacks. Examples of violations of the right to identity (identity theft) include forging signatures, information phishing, and electronic fraud. It is imperative that a person or organization remains vigilant to help prevent attacks or recover as quickly as possible from electronic denials and identity theft.
Violation of Basic Rights
Anyone who has been denied the use of something that belongs to them by any form of unjust interference understands the frustration associated with that loss. People and organizations own things that can be seen (such as a notebook computer) and things that cannot be seen (such as a credit rating). Civilized cultures throughout history have held in high regard the rights of individuals to control their own possessions (Rostovtzeff, 1926).
This paper will focus on violations of two basic rights related to information management: the right to expression and the right to identity. Examples of violations of the right to expression include Denial of Service (DoS), Web defacement, and domain name service (DNS) attacks. Examples of violations of the right to identity (identity theft) include forging signatures, information phishing, and electronic fraud.
Right to Expression
Attacks on Web sites deny the rightful owners the ability to share information and opinions with others. There are many ways the right to expression on the Internet is blocked, changed, or diverted. All of these attacks deprive the rightful owners of their right to expression.
Denial of Service (DoS) Attacks
Janczewski and Colarik (2005) noted the idea behind Denial of Service (DoS) attacks was “to force a target system to become overloaded with activities that reduce its capacity to process legitimate tasks” (p. 86). DoS attacks block access to those trying to view a Web site. The first recorded DoS attacks took place in August 1999 against the University of Minnesota. The attacks lasted two days and involved 214 connected systems (Janczewski & Colarik, 2005).
DoS attacks are “a preferred tool of information warfare specialists and cyber-terrorists” (Janczewski & Colarik, 2005, p. 94), because launching this type of attack is relatively easy using software that is readily available from the Internet. Singh (2005) suggested three procedures to help reduce the threat of some types of DoS attacks.
- Configure routers so they do not forward directed broadcasts onto networks.
- Configure server operating systems to respond to DoS attacks.
- Monitor links between networks to identify and block DoS attacks.
Web Defacement Attacks
Hacking into Web sites and defacing Web page content frequently is referred to as Web graffiti (Janczewski & Colarik, 2005). Cole (2002) referenced a 1997 example of one of the first instances of Web graffiti. When visitors went to a particular search engine, they were greeted with an ominous message instead of the normal web page. The message claimed that anyone who viewed the page “now has a logic bomb/worm implanted deep within their computer” (Cole, 2002, p. 4). Even though this message was a hoax, it caused a great deal of concern.
An effective method to avoid problems created by defacement attacks is to check content frequently. Web defacements may create confusion and loss of business. Quick reaction can minimize the negative consequences of the attack (Janczewski & Colarik, 2005).
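The frequent content check described above can be automated by comparing each page against a fingerprint of its known-good version. The following is an added example, not code from this paper or its sources; the function names, page paths, and sample pages are constructed for illustration.

```python
import hashlib
import re

def fingerprint(html: bytes) -> str:
    """SHA-256 of the page with whitespace runs collapsed, so re-indentation
    by a deploy tool raises no alert but any change to the text does."""
    normalized = re.sub(rb"\s+", b" ", html).strip()
    return hashlib.sha256(normalized).hexdigest()

def build_baseline(pages: dict) -> dict:
    """Map each URL path to the fingerprint of its known-good content."""
    return {path: fingerprint(body) for path, body in pages.items()}

def check_pages(baseline: dict, current: dict) -> dict:
    """Compare freshly fetched pages against the stored baseline."""
    report = {"changed": [], "missing": [], "unexpected": []}
    for path in sorted(baseline):
        if path not in current:
            report["missing"].append(path)       # page no longer served
        elif fingerprint(current[path]) != baseline[path]:
            report["changed"].append(path)       # content differs: possible defacement
    # Pages that were never published by the owner are also worth an alert.
    report["unexpected"] = sorted(set(current) - set(baseline))
    return report

# Constructed sample data: known-good copies and a later fetch of the site.
KNOWN_GOOD = {
    "/": b"<html> <body> <h1>Welcome</h1> </body> </html>",
    "/about": b"<html> <body> <p>About us</p> </body> </html>",
    "/contact": b"<html> <body> <p>Contact</p> </body> </html>",
}
FETCHED = {
    "/": b"<html> <body> <h1>Site defaced</h1> </body> </html>",
    "/about": b"<html>\n  <body>\n    <p>About us</p>\n  </body>\n</html>\n",
    "/new.html": b"<html> <body> <p>Not ours</p> </body> </html>",
}

if __name__ == "__main__":
    print(check_pages(build_baseline(KNOWN_GOOD), FETCHED))
```

Run on a schedule against copies fetched from outside the hosting network, a non-empty report is the trigger for the quick reaction the paragraph calls for.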
Domain Name Service (DNS) Attacks
Domain Name Service (DNS) is the phone book of the Internet. DNS is a system that translates Internet Protocol (IP) addresses, such as 18.104.22.168, into something easier for humans to remember, such as microsoft.com. Anything that negatively impacts the ability of DNS to deliver the correct address to a browser negatively impacts the right to expression. An attack bypasses the normal DNS process and sends false information about a requested IP address (Janczewski & Colarik, 2005). Prevention of DNS attacks is difficult at this time, because common authentication systems are not universally used in all DNS systems.
Right to Identity
The most successful forgery ring in American history bilked the public of more than $100 million selling fake autographs (Nelson, 2006). It took the Federal Bureau of Investigation (FBI) more than three years in an undercover operation to bring the forgery ring to justice. The FBI successfully put at least fourteen forgery rings out of business (FBI, 2007).
Even though most people are not famous enough to be victims of celebrity autograph forgery, a person’s signature remains the most common method of identification for most financial and legal documents (Martin, 2004). A forged signature on a contract can lead to devastating financial results for the victim. See the Appendix for helpful tips to prevent forgery.
The term phishing is based on “the analogy that Internet scammers are using e-mail lures to ‘fish’ for passwords and financial data from the sea of Internet users” (Rao, Gupta, & Upadhyaya, 2007). There has been an increase in the number and frequency of spam e-mail messages sent to large groups of random e-mail accounts that look like the message originated from a reputable company (Janczewski & Colarik, 2005). People who click on links within the message are taken to a bogus Web site that appears to be legitimate.
When people enter personal information on scam Web sites, the victimization begins. “Unsuspecting customers gladly enter their customer number and password to receive a polite thank you from the scammers” (Janczewski & Colarik, 2005, p. 121). Following this polite thank you note, scammers drain the victim’s account and move on to the next unsuspecting victim.
Most online scams appear to originate from Africa, Eastern Europe, and China. It might be tough to pursue legal options overseas (Janczewski & Colarik, 2005). Janczewski and Colarik (2005) offered three suggestions to avoid becoming the victim of a phishing attack.
- Bookmark pages you trust. When you receive an e-mail request for personal information, go to the bookmarked site instead of clicking on a link contained in the e-mail message.
- Verify the location listed in your browser bar to ensure you are viewing the page you intended to visit. Know the legitimate URL and do not be fooled by something close.
- Be cautious before completing online forms. Ensure you are at a trusted site before submitting any personal information.
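The second suggestion, knowing the legitimate URL and not being fooled by something close, can be expressed as a check of a link's host against a list of bookmarked hosts. This is an added example, not from the paper or the authors it cites; the host names, addresses, and function names are constructed, and internationalized look-alike characters are not handled.

```python
from urllib.parse import urlsplit

TRUSTED_HOSTS = {"examplebank.test"}  # constructed stand-in for a bookmark list

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url: str, trusted=TRUSTED_HOSTS) -> str:
    """Return 'trusted', 'lookalike', or 'unknown' for the host a link really targets."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "unknown"
    # Exact match or a subdomain of a bookmarked host.
    if any(host == good or host.endswith("." + good) for good in trusted):
        return "trusted"
    for good in trusted:
        # Trusted name embedded in another domain, or placed before '@' as userinfo.
        if good in host or good in (parts.username or ""):
            return "lookalike"
        # One or two characters off, e.g. '1' substituted for 'l'.
        if edit_distance(host, good) <= 2:
            return "lookalike"
    return "unknown"

# Constructed sample links of the kind found in e-mail messages.
SAMPLES = [
    "https://www.examplebank.test/login",
    "https://examp1ebank.test/login",
    "https://examplebank.test.account-verify.example/login",
    "https://examplebank.test@203.0.113.7/login",
    "https://news.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(classify_link(link), link)
```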
“Manipulation of computerized payment systems has been used for decades as a way of stealing” (Grabosky, Smith, & Dempsey, 2001, p. 60). Anyone who uses an electronic payment system is at risk from electronic fraud. One of the weakest elements in electronic payment systems is humans and their passwords. Most humans prefer easy-to-remember passwords. Using complex passwords (instead of using one’s pet’s name or a birth date) adds additional security to help prevent electronic fraud (Grabosky, Smith, & Dempsey, 2001).
There are many threats to freedoms. This paper has focused on two major categories of freedoms: right to expression and right to identity. Some attacks are difficult to prevent, but most attacks can be prevented or the damage minimized with the appropriate response. It is imperative that a person or organization remains vigilant to help prevent attacks or recover as quickly as possible from electronic denials and identity theft.
Cole, E. (2002). Hackers beware. Indianapolis, IN: Sams Publishing.
Federal Bureau of Investigation (FBI). (2007). Operation bullpen. Retrieved February 11, 2008 from http://www.fbi.gov/hq/cid/fc/ec/sm/smoverview.htm
Grabosky, P., Smith, R. G., and Dempsey, G. (2001). Electronic theft: Unlawful acquisition in cyberspace. Cambridge, UK: Cambridge University Press.
Janczewski, L. and Colarik, A. (2005). Managerial guide for handling cyber-terrorism and information warfare. Hershey, PA: Idea Group Publishing.
Martin, R. (2004). Forgery prevention tips. Part of the forgery forensics collection. Retrieved February 11, 2008 from http://forgery.net/fpt.shtml
Nelson, K. (2005). Operation bullpen. Southampton, UK: Southampton Books.
Rao, H. R., Gupta, M., and Upadhyaya, S. (2007). Managing information assurance in financial services. Hershey, PA: Idea Group.
Rostovtzeff, M. (1926). A history of the ancient world: The Orient and Greece. Cheshire, CT: Biblo & Tannen.
Singh, A. (2005). Demystifying denial-of-service attacks. Retrieved February 11, 2008 from http://www.securityfocus.com/infocus/1853